Santander Bank

1356

Comments

  • VTR1000
    VTR1000 Posts: 22 Forumite
    18cc wrote: »
    This is how scams like this work

    First of all you get a text saying £1,300 has been spent was it you or not. This is not from Santander but number spoofing is used to make it look as though the text came from santander's number...

    You reply no - this is irrelevant the fraudster has no access to your reply. However they ring you up a few minutes later and say 'thanks for saying no we need to check your account and I will take you through security'

    meanwhile they are on the Santander internet banking screen. they need your Santander user ID of course they enter that onto the Santander banking screen. the Santander banking screen askes for digits 2 and 6 of your security code .the fraudster says to you in order to identify you please give me digits 2 and 6 of your security code...

    You give it to them and they enter this onto the Santander banking screen. This gives them access to your account

    They of course cannot send money to a new payee without a one-time password sent to your mobile number

    Often the scammers will make up some convincing explanation as to why you should give it to them

    I'm not saying all of this happened to you I'm just telling you the way frauds like this work

    The only similarity is that I got a text and call.

    There's three stages to go through before you are in the account with the online banking.

    a) Personal ID
    b) Password
    c) Security code

    None of which have been shared - me giving them two of the five digit security code won't get you past the first two stages.
  • VTR1000
    VTR1000 Posts: 22 Forumite
    colsten wrote: »
    Everybody in your office will use the same IP when accessing external sites. It will be impossible to tell from the IP address whether it was you or one of your colleagues. Just as it will be impossible to tell from your home IP address who in your home was making the transactions.

    Agreed, but the as the times matched my browser history I'm confident it was me.
  • 18cc
    18cc Posts: 2,120 Forumite
    Agreed you need those three pieces of information

    the first piece - your username - can be obtained from the Santander website. you need the following information your name your date of birth and your postcode

    once entered it takes you to a second screen where it asks you for your debit card long number and CVV code

    it then displays your username

    clearly you gave the first lot of information over the phone they may have had your debit card and CVV another way either by having physical access to your card at some time or by you using it online o

    obviously only you would know if you used it and on what sites

    That is two of the three i.e. username and security number digits which they have with the information you gave them

    the password I don't know
  • VTR1000
    VTR1000 Posts: 22 Forumite
    18cc wrote: »
    Agreed you need those three pieces of information

    the first piece - your username - can be obtained from the Santander website. you need the following information your name your date of birth and your postcode

    Ok, so lets assume they have somehow gleaned my DOB and post code.

    once entered it takes you to a second screen where it asks you for your debit card long number and CVV code

    I buy everything online and in the shops with a credit card which is paid monthly in full. The only time I've used my debit card for a purchase this year was to order car tax. However, lets assume somehow they've managed to get an image of the front of the card and watched me enter my PIN at a cash point - they still can't see the CVV.

    it then displays your username

    Not without the CVV

    clearly you gave the first lot of information over the phone they may have had your debit card and CVV another way either by having physical access to your card at some time or by you using it online o

    Card in my wallet all the time and not used online and no OTP received

    obviously only you would know if you used it and on what sites

    That is two of the three i.e. username and security number digits which they have with the information you gave them

    the password I don't know

    It's my belief if they had that level of detail that is being suggested they'd have taken the £20k that was in the account at the time - why mess about with £1,300's worth of chavvy stuff being posted to a traceable address?
  • 18cc
    18cc Posts: 2,120 Forumite
    they dont need to glean your dob and postcode you told them on the phone
  • VTR1000
    VTR1000 Posts: 22 Forumite
    18cc wrote: »
    they dont need to glean your dob and postcode you told them on the phone

    And your point is?

    They still need the other info, where did that come from?
  • 18cc
    18cc Posts: 2,120 Forumite
    My point is that I am trying to help you by giving you some pointers as to how frauds like this are perpetrated

    it may well be it was not done this way in your case but I hoped the information in my posts might be helpful to you when trying to pizxle out what happened

    Use the info as you wish
  • VTR1000
    VTR1000 Posts: 22 Forumite
    18cc wrote: »
    My point is that I am trying to help you by giving you some pointers as to how frauds like this are perpetrated

    it may well be it was not done this way in your case but I hoped the information in my posts might be helpful to you when trying to pizxle out what happened

    Use the info as you wish

    Apologies for the tone of my post - it stems from frustration.

    For clarity:

    a) the only time I've used my debit card online this year was to pay for road tax.
    b) I use it about once a month to take cash out - top and bottom of the card are never visible at the same time.
    c) I run Malwarebytes and there's none reported on my home laptop.
    d) I work for a FTSE100 who have sophisticated anti spyware software - only two people could remotely access my work laptop.
    e) For sure the text I received was from Santander as it started off the whole issue.
    f) I've not had any calls from Santander, other than the one that sparked the issue off.
    g) I've not used my debit card for a purchase other than for road tax this/last year and holidays in 2018.
    h) I've never written my details down and the wife doesn't know them, so could not inadvertently give them out.

    I couldn't of provided the level of detail known by the thief and it's my account... Having online access to the account would not have given the thief the CVV code.

    Anyway, thanks all for your input.
  • robatwork
    robatwork Posts: 7,086
    Name Dropper Photogenic First Post First Anniversary
    Forumite
    VTR1000 wrote: »
    d) I work for a FTSE100 who have sophisticated anti spyware software - only two people could remotely access my work laptop.

    Just read the thread but I didn't see the bit where you said the IPs logged were your home and work. If I missed it and work is included then my comment is about the above.

    I use and have used remote access software since it first existed from telnet and vnc up to bomgar and connectwise.
    "Only two people" sounds dodgy. If there is a remote access host on your PC then perhaps you believe only 2 people have the credentials, but in reality your company's entire IT community and perhaps wider could have the details.

    Can you let me know the name of the remote access program?
This discussion has been closed.
Meet your Ambassadors

Categories

  • All Categories
  • 342.4K Banking & Borrowing
  • 249.9K Reduce Debt & Boost Income
  • 449.4K Spending & Discounts
  • 234.6K Work, Benefits & Business
  • 607K Mortgages, Homes & Bills
  • 172.8K Life & Family
  • 247.4K Travel & Transport
  • 1.5M Hobbies & Leisure
  • 15.8K Discuss & Feedback
  • 15.1K Coronavirus Support Boards